From 99e45afced8569b7091d7a6c1c77e6c43be09967 Mon Sep 17 00:00:00 2001
From: Pradeep Srikakolapu
Date: Fri, 22 Nov 2024 15:32:20 -0800
Subject: [PATCH] Testing OIDC
---
 .github/workflows/integration-tests-azure.yml | 75 ++++++++++++-------
 1 file changed, 49 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/integration-tests-azure.yml b/.github/workflows/integration-tests-azure.yml
index 0691777..2fccb72 100644
--- a/.github/workflows/integration-tests-azure.yml
+++ b/.github/workflows/integration-tests-azure.yml
@@ -4,9 +4,11 @@ on: # yamllint disable-line rule:truthy
 workflow_dispatch:
 pull_request:
 branches:
- - main
-
+ - oidc_connect
 jobs:
+ permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
 integration-tests-azure:
 name: Regular
 strategy:
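Review bot: The `permissions:` mapping is added directly after `jobs:` and before `integration-tests-azure:`, where it would be read as a job named `permissions` rather than as token permissions (indentation is not recoverable from this view, so confirm against the file). In that position the workflow either fails validation or runs without `id-token: write`, and the OIDC login cannot request a JWT. Move the block above `jobs:` at workflow level, or nest it under `integration-tests-azure:` so only that job can request the token. Because the trigger is `pull_request`, the federated credential's subject on the Azure side should be restricted to this repository and the intended branch or event; runs from forks will not receive `id-token: write`.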
@@ -21,27 +23,48 @@ jobs:
 container:
 image: ghcr.io/${{ github.repository }}:CI-${{ matrix.python_version }}-msodbc${{ matrix.msodbc_version }}
 steps:
- - name: AZ CLI login
- run: az login --service-principal --username="${AZURE_CLIENT_ID}" --password="${AZURE_CLIENT_SECRET}" --tenant="${AZURE_TENANT_ID}"
- env:
- AZURE_CLIENT_ID: ${{ secrets.DBT_AZURE_SP_NAME }}
- AZURE_CLIENT_SECRET: ${{ secrets.DBT_AZURE_SP_SECRET }}
- AZURE_TENANT_ID: ${{ secrets.DBT_AZURE_TENANT }}
-
- - uses: actions/checkout@v4
-
- - name: Install dependencies
- run: pip install -r dev_requirements.txt
-
- - name: Run functional tests
- env:
- DBT_AZURESQL_SERVER: ${{ secrets.DBT_AZURESQL_SERVER }}
- DBT_AZURESQL_DB: ${{ secrets.DBT_AZURESQL_DB }}
- AZURE_CLIENT_ID: ${{ secrets.DBT_AZURE_SP_NAME }}
- AZURE_CLIENT_SECRET: ${{ secrets.DBT_AZURE_SP_SECRET }}
- AZURE_TENANT_ID: ${{ secrets.DBT_AZURE_TENANT }}
- FABRIC_TEST_DRIVER: 'ODBC Driver ${{ matrix.msodbc_version }} for SQL Server'
- DBT_TEST_USER_1: dbo
- DBT_TEST_USER_2: dbo
- DBT_TEST_USER_3: dbo
- run: pytest -ra -v tests/functional --profile "${{ matrix.profile }}"
+
+ # Checkout repository
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Azure login using federated credentials
+ - name: Azure login with OIDC
+ uses: azure/login@v2
+ with:
+ client-id: ${{ secrets.DBT_AZURE_SP_NAME }}
+ tenant-id: ${{ secrets.DBT_AZURE_TENANT }}
+ allow-no-subscriptions: true
+ federated-token: true
+
+
+ # Get an access token for a specific resource (e.g., a database)
+ - name: Get Azure Access Token
+ id: get-token
+ run: |
+ TOKEN=$(az account get-access-token --resource "https://database.windows.net//.default" --query accessToken -o tsv)
+ echo "::add-mask::$TOKEN" # Mask the token in the logs
+ echo "ACCESS_TOKEN=$TOKEN" >> $GITHUB_ENV
+ echo "Token fetched successfully"
+
+ # Print the token (for debugging)
+ - name: Print Access Token
+ run: |
+ echo "Access Token: ${{ env.ACCESS_TOKEN }}"
+
+
+ # - name: Install dependencies
+ # run: pip install -r dev_requirements.txt
+
+ # - name: Run functional tests
+ # env:
+ # DBT_AZURESQL_SERVER: ${{ secrets.DBT_AZURESQL_SERVER }}
+ # DBT_AZURESQL_DB: ${{ secrets.DBT_AZURESQL_DB }}
+ # AZURE_CLIENT_ID: ${{ secrets.DBT_AZURE_SP_NAME }}
+ # AZURE_CLIENT_SECRET: ${{ secrets.DBT_AZURE_SP_SECRET }}
+ # AZURE_TENANT_ID: ${{ secrets.DBT_AZURE_TENANT }}
+ # FABRIC_TEST_DRIVER: 'ODBC Driver ${{ matrix.msodbc_version }} for SQL Server'
+ # DBT_TEST_USER_1: dbo
+ # DBT_TEST_USER_2: dbo
+ # DBT_TEST_USER_3: dbo
+ # run: pytest -ra -v tests/functional --profile "${{ matrix.profile }}"
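Review bot: The `Print Access Token` step writes a live Azure SQL bearer token to the job log through `echo "Access Token: ${{ env.ACCESS_TOKEN }}"`; `::add-mask::` is a best-effort text filter rather than a guarantee, so this step should be removed instead of relying on masking. Exporting the token through `$GITHUB_ENV` also makes it readable by every later step in the job, including third-party actions; a step output, or fetching it inside the one step that needs it, keeps the exposure narrower. Separately, `--resource` expects a resource URI while `//.default` is scope syntax, so the call likely needs `--resource "https://database.windows.net/"` or the `--scope` form. I do not recognise `federated-token` as an `azure/login@v2` input, so check it against the action's `action.yml`; and with the install and pytest steps commented out, this job no longer verifies anything beyond the login itself.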